From aa4bbc8fce8c166e45c70568a200a148c5183b38 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Sat, 9 Jul 2016 04:12:09 +0200 Subject: [PATCH] Ajoute des acls sur les vues critiques --- cotisations/views.py | 11 ++++++++++- topologie/views.py | 6 +++++- users/models.py | 9 ++++++--- users/views.py | 6 ++++-- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/cotisations/views.py b/cotisations/views.py index bc38b151..a196af61 100644 --- a/cotisations/views.py +++ b/cotisations/views.py @@ -5,7 +5,7 @@ from django.shortcuts import render, redirect from django.shortcuts import render_to_response, get_object_or_404 from django.core.context_processors import csrf from django.template import Context, RequestContext, loader -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, permission_required from django.contrib import messages from django.db.models import Max, ProtectedError @@ -91,6 +91,7 @@ def edit_facture(request, factureid): return form({'factureform': facture_form}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def add_article(request): article = ArticleForm(request.POST or None) if article.is_valid(): @@ -100,6 +101,7 @@ def add_article(request): return form({'factureform': article}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def edit_article(request, articleid): try: article_instance = Article.objects.get(pk=articleid) @@ -114,6 +116,7 @@ def edit_article(request, articleid): return form({'factureform': article}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def del_article(request): article = DelArticleForm(request.POST or None) if article.is_valid(): 
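Review bot: `@permission_required('trésorier')` on `add_article` is used with its defaults, so a logged-in member who lacks the right is redirected to the login page instead of being refused. Passing `raise_exception=True`, as in `@permission_required('trésorier', raise_exception=True)`, returns a 403, which makes the denial explicit and easy to spot in access logs. The same applies to every decorator this commit adds: the other `'trésorier'` views in cotisations/views.py, the `'admin'` views in topologie/views.py and the `'bureau'` views in users/views.py. The argument is a bare right name rather than Django's `app_label.codename` form, so the check only means something through the `has_perms` override in users/models.py; a one-line comment above the first use saying so would help the next reader. The bodies of these views continue outside the hunks.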
@@ -124,6 +127,7 @@ def del_article(request): return form({'factureform': article}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def add_paiement(request): paiement = PaiementForm(request.POST or None) if paiement.is_valid(): @@ -133,6 +137,7 @@ def add_paiement(request): return form({'factureform': paiement}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def edit_paiement(request, paiementid): try: paiement_instance = Paiement.objects.get(pk=paiementid) @@ -147,6 +152,7 @@ def edit_paiement(request, paiementid): return form({'factureform': paiement}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def del_paiement(request): paiement = DelPaiementForm(request.POST or None) if paiement.is_valid(): @@ -161,6 +167,7 @@ def del_paiement(request): return form({'factureform': paiement}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def add_banque(request): banque = BanqueForm(request.POST or None) if banque.is_valid(): @@ -170,6 +177,7 @@ def add_banque(request): return form({'factureform': banque}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def edit_banque(request, banqueid): try: banque_instance = Article.objects.get(pk=banqueid) @@ -184,6 +192,7 @@ def edit_banque(request, banqueid): return form({'factureform': banque}, 'cotisations/facture.html', request) @login_required +@permission_required('trésorier') def del_banque(request): banque = DelBanqueForm(request.POST or None) if banque.is_valid(): diff --git a/topologie/views.py b/topologie/views.py index 832c7539..ca36b2fd 100644 --- a/topologie/views.py +++ b/topologie/views.py 
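Review bot: In the `edit_banque` hunk the context line `banque_instance = Article.objects.get(pk=banqueid)` looks up an `Article`, not a bank, so the view now guarded by `'trésorier'` presumably binds the bank form to whichever article shares that primary key. The commit leaves this line untouched. The lookup should use the model behind `BanqueForm`, e.g. `banque_instance = Banque.objects.get(pk=banqueid)` if that is the model's name (it is not visible here). The rest of `edit_banque` lies outside the hunk, so also confirm that its `except` clause names the matching `DoesNotExist`.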
@@ -1,6 +1,6 @@ from django.shortcuts import render, redirect from django.contrib import messages -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, permission_required from django.db import IntegrityError from topologie.models import Switch, Port @@ -23,6 +23,7 @@ def index_port(request, switch_id): return render(request, 'topologie/index_p.html', {'port_list':port_list, 'id_switch':switch_id, 'nom_switch':switch}) @login_required +@permission_required('admin') def new_port(request, switch_id): try: switch = Switch.objects.get(pk=switch_id) @@ -42,6 +43,7 @@ def new_port(request, switch_id): return form({'topoform':port}, 'topologie/port.html', request) @login_required +@permission_required('admin') def edit_port(request, port_id): try: port = Port.objects.get(pk=port_id) @@ -56,6 +58,7 @@ def edit_port(request, port_id): return form({'topoform':port}, 'topologie/port.html', request) @login_required +@permission_required('admin') def new_switch(request): switch = EditSwitchForm(request.POST or None) if switch.is_valid(): @@ -65,6 +68,7 @@ def new_switch(request): return form({'topoform':switch}, 'topologie/port.html', request) @login_required +@permission_required('admin') def edit_switch(request, switch_id): try: switch = Switch.objects.get(pk=switch_id) diff --git a/users/models.py b/users/models.py index ebe93ab8..7e766e5b 100644 --- a/users/models.py +++ b/users/models.py @@ -8,7 +8,6 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager from topologie.models import Room - def remove_user_room(room): """ Déménage de force l'ancien locataire de la chambre """ try: 
@@ -133,8 +132,12 @@ class User(AbstractBaseUser): def get_short_name(self): return self.name - def has_perm(self, perm, obj=None): - # Simplest version + def has_perms(self, perms, obj=None): + for perm in perms: + try: + Right.objects.get(user=self, right__listright=perm) + except Right.DoesNotExist: + return False return True def has_module_perms(self, app_label): diff --git a/users/views.py b/users/views.py index 38d36a9a..83b529e9 100644 --- a/users/views.py +++ b/users/views.py @@ -5,12 +5,12 @@ from django.shortcuts import render_to_response, render, redirect from django.core.context_processors import csrf from django.template import RequestContext from django.contrib import messages -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, permission_required from django.db.models import Max, ProtectedError from django.db import IntegrityError from django.utils import timezone -from users.models import User, Right, Ban, Whitelist +from users.models import User, Right, Ban, Whitelist, School from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm from users.models import InfoForm, StateForm, RightForm, SchoolForm from cotisations.models import Facture @@ -154,6 +154,7 @@ def password(request, userid): return form({'userform': u_form}, 'users/user.html', request) @login_required +@permission_required('bureau') def add_right(request, userid): try: user = User.objects.get(pk=userid) @@ -173,6 +174,7 @@ def add_right(request, userid): return form({'userform': right}, 'users/user.html', request) @login_required +@permission_required('bureau') def del_right(request): right = DelRightForm(request.POST or None) if right.is_valid():
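Review bot: Replacing `has_perm` with `has_perms` leaves `User`, which the hunk header shows deriving from `AbstractBaseUser` only, without the single-permission method, so as far as the hunk shows anything that still calls `user.has_perm(...)` (the Django admin and the `perms` template variable do) would fail with an AttributeError. Inside the loop, `Right.objects.get(...)` raises `MultipleObjectsReturned` when a user holds the same right twice, turning an access decision into a server error; `filter(...).exists()` avoids that. Nothing visible here excludes inactive or banned accounts, so confirm that is handled elsewhere. I would keep both methods, deny by default, and give each a docstring stating that `perm` is a right name matched against `right__listright`; the class body continues outside the hunk.

```python
    def has_perm(self, perm, obj=None):
        """Return True only if this user holds the right named `perm`."""
        # exists() denies by default and cannot raise on duplicate Right rows
        return Right.objects.filter(user=self, right__listright=perm).exists()

    def has_perms(self, perms, obj=None):
        """Return True only if this user holds every right in `perms`."""
        return all(self.has_perm(perm, obj) for perm in perms)

    # … unchanged: has_module_perms …
```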
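Review bot: `add_right` and `del_right` are now the views that hand out the very rights the other decorators test, and the hunks show them gated by `'bureau'` alone, with the target account taken from `userid`. Unless `RightForm` (not visible here) limits the choices, any bureau member could assign `'admin'` or `'trésorier'` to any account, including their own; consider restricting which rights each role may assign and logging every grant and removal together with the acting user. A comment above `add_right` such as `# Grants a right: keep this gate at least as strict as the strictest right it can assign` would record the intent. The hunk header for `add_right` also shows `password(request, userid)` receiving no new decorator in this commit, so confirm it compares `userid` with `request.user`; both view bodies continue outside the hunks.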